[Twisted-Python] Twisted conch bad key signatures

All,

I've got an SSH server (Extremeware 7.3 router) which OpenSSH can SFTP into without problem but Twisted Conch reports:

2005/12/20 17:50 GMT [-] Log opened.
2005/12/20 17:50 GMT [-] Enabling Multithreading.
2005/12/20 17:50 GMT [Transport,client] kex alg, key alg: diffie-hellman-group1-sha1 ssh-dss
2005/12/20 17:50 GMT [Transport,client] client->server: 3des-cbc hmac-md5 none
2005/12/20 17:50 GMT [Transport,client] server->client: 3des-cbc hmac-md5 none
2005/12/20 17:50 GMT [Transport,client] host key fingerprint: 51:11:e1:76:89:f8:cd:af:8c:09:42:9e:37:a8:0a:36
2005/12/20 17:50 GMT [Transport,client] Disconnecting with error, code 3 reason: bad signature
2005/12/20 17:50 GMT [Transport,client] connection lost
2005/12/20 17:50 GMT [Transport,client] Stopping factory <twisted.internet.protocol._InstanceFactory instance at 0xb71b6b0c>
2005/12/20 17:50 GMT [-] Received SIGINT, shutting down.
2005/12/20 17:50 GMT [-] Main loop terminated.

(cftp does the same). What debugging do I need to do to identify the cause?

Phil Mayers wrote:
Run OpenSSH with debugging on. I'm guessing that they're enabling a workaround for a non-compliant server.

-p
--
Paul Swartz
(o_ http://www.twistedmatrix.com/users/z3p.twistd/ _o)
//\ z3p@twistedmatrix.com /\\
V_/_ AIM: z3penguin _\_V->

Paul Swartz wrote:
Run OpenSSH with debugging on. I'm guessing that they're enabling a workaround for a non-compliant server.
-p
Hmm. psftp (Putty SFTP) reports:

Server version: SSH-2.0-2.0.12 (non-commercial)
We believe remote version has SSH2 HMAC bug
We claim version: SSH-2.0-PuTTY-Release-0.54
Using SSH protocol version 2
Doing Diffie-Hellman key exchange
Host key fingerprint is:
ssh-dss 1024 51:11:e1:76:89:f8:cd:af:8c:09:42:9e:37:a8:0a:36
Initialised Blowfish client->server encryption
Initialised Blowfish server->client encryption
Using username "admin".

...but the Twisted SFTP bombs out in _continueGEX_GROUP, well before the HMAC bug becomes an issue.

The Putty, OpenSSH and (sadly) Twisted Conch code are more or less incomprehensible at first glance (dynamic imports, for hot rooting action!) so I think I'll have to leave this to one side.
